Full Disclosure mailing list archives

Re: The worm author finally revealed!


From: Paul Schmehl <pauls () utdallas edu>
Date: 31 Jan 2003 12:37:04 -0600

On Fri, 2003-01-31 at 10:44, Ron DuFresne wrote:

As mentioned in another list, all this trouble M$ folks have with
patching, and indeed it seems a crazy mess in the windows world, whence
various badly compiled patches will back you out of fixes from the previous
patch, as well as the issues of what third party software might do the
same as well as make you open to a potential vuln you weren't subject to
prior, sheesh the list goes on, we need to pity these poor windows
admins.  Russ Cooper had a few posts in ntbugtraq outlining the complexity
with just the windows base OS upgrades, let alone 3rd party stuff...

Here's a good example.  We recently purchased HEAT (a Help Desk - call
tracking product) and installed it on a Windows 2000 Server running SQL
(required for HEAT.)  During the Slammer mess, the box went down, and it
hasn't been back up since.  We *thought* it was due to Slammer, but
further investigation revealed that one of our admins had patched the
box on Friday - before Slammer hit us - and the *patch* is what took the
server down.  (The Windows OS is still working, but HEAT is not.)

Backing the patches out didn't do a thing, so now we have to return all
the way to SP2, reinstall HEAT and then patch back to the level right
*before* the one that took it down.  You can just imagine how thrilled
the admins are to have to do that - and the next time they have to patch
that box, they'll be real leery about doing it.  And these are admins
who are *very* conscientious about patching and *very* aware of security
issues.

Multiply this times 500,000 similar situations worldwide and you have a
rudimentary grasp of the problem.

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

